安裝前:
安裝後:
開放 SSH 存取
http://pario.no/2008/05/21/using-ufw...buntu-804-lts/
#ufw allow ssh/tcp
檢查 MX 是否生效
#host -t mx osslab.co.cc osslab.co.cc mail is handled by 0 mail.osslab.co.cc. #host -t a mail.osslab.co.cc mail.osslab.co.cc has address 211.72.203.62
設定防火牆 ufw
編輯 /etc/ufw/before.rules,加上這幾行
... # enable zimbra ports -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT -A ufw-before-input -m state --state NEW -m tcp -p tcp --dport 5480 -j ACCEPT ...
重啟防火牆
ufw disable ufw enable
Zimbra 指令
NOTE: 要執行以下指令必須先 su - zimbra。
檢查各服務狀態
$zmcontrol status Host mail.osslab.co.cc antispam Running antivirus Running convertd Running ldap Running mailbox Running mta Running spell Running stats Stopped
啟動/關閉各服務
所有服務 $zmcontrol stop $zmcontrol start Stats 服務 $ zmstatctl start Invoking: /opt/zimbra/libexec/zmstat-proc Invoking: /opt/zimbra/libexec/zmstat-cpu Invoking: /opt/zimbra/libexec/zmstat-vm Invoking: /opt/zimbra/libexec/zmstat-io -x Invoking: /opt/zimbra/libexec/zmstat-df Invoking: /opt/zimbra/libexec/zmstat-io Invoking: /opt/zimbra/libexec/zmstat-fd Invoking: /opt/zimbra/libexec/zmstat-allprocs Invoking: /opt/zimbra/libexec/zmstat-mysql Invoking: /opt/zimbra/libexec/zmstat-convertd Invoking: /opt/zimbra/libexec/zmstat-mtaqueue
其他系統指令
ufw 防火牆
關閉/開啟防火牆 ufw disable ufw enable 目前防火牆規則 iptables -L -n ufw status
Ans:檢查 /var/log/messages,有否出現以下訊息
Mar 20 13:55:58 mail kernel: [58142.842903] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:0c:29:79:64:aa:00:90:1a:48:cb:fe:08:00 SRC=111.111.111.111 DST=222.222.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=9315 DF PROTO=TCP SPT=32903 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 20 13:56:01 mail kernel: [58145.832682] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:0c:29:79:64:aa:00:90:1a:48:cb:fe:08:00 SRC=111.111.111.111 DST=222.222.222.222 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=9317 DF PROTO=TCP SPT=32903 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
如果 111.111.111.111 是你的電腦對外IP,可能是被 iptables 防火牆擋住,將防火牆暫時關閉,再瀏覽一次網頁
關閉防火牆
#ufw disable
Images 0 | ||
---|---|---|
No images to display in the gallery. |